There is another way to do (1): bond the two interfaces at the network level. That way you just point Ntop at the bond interface and are free to monitor others, receive flows, etc. without merging interfaces. This has become my preferred Ntop hardware configuration - 3 NICs, one for management and flow reception, the other two bonded and attached via passive tap.
Granted, this takes some work that is outside the scope of this list.

C

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burton Strauss
Sent: Thursday, April 14, 2005 9:17 AM
To: [email protected]
Subject: RE: [Ntop] Watching Internet Connection: Mirror Port or Cisco flows?

The advantage of netFlow is the implicit compression - 15 (or more or less) packets in one 1500 byte packet vs. 15 packets each of whatever length.

The disadvantage is that you lose the layer 2 (Ethernet) and internal (deep packet inspection) details.

That's a trade-off decision that depends on what you need to pull out of the data.

There are two other ways you can grab the data, vs. span.

(1) A passive tap. It's easy to build for 10- and 100-BaseT (instructions are at snort.org). Just remember that you will need TWO interfaces on the ntop box (one for each direction) and you MUST merge the traffic (the default, but this means stay away from netFlow!).

(2) A true hub. Not a switching hub, but a true hub. These aren't easy to find, but older 3Coms and Linksyses work great.

Span too, will certainly work.

In either case, remember you don't need to assign (*and don't want to) an IP address to the monitoring interface(s).

-----Burton

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
